On Thu, Mar 17, 2011 at 4:33 AM, Susanne Gladén <[email protected]> wrote: > Trying to get the backoffice on HTTPS and the blog on HTTP - but I > cant get it to work. > > If I set: > securelogin.enabled=true > schemeenforcement.enabled=true > > Then I get stuck in a Login-redirect loop > For example: > I am trying to access a page in Backoffice that is not specified in > schemeenforcement.https.urls. > But in security.xml the page is set to only be viewed by admin or > editor. So I have to login. > I login and redirected to the page on HTTP (since it is not specified > in schemeenforcement.https.urls). > I loose my jsessionid and security.xml reqiures me to be logged in - > so I have to login. > > Is this still under development?
That is a feature that worked in 4.0, but may have been broken by work done in 5.0. If it really is broken, we should report the problem in Roller's JIRA issue tracker. > In found in web.xml: > <!-- Scheme enforcement. Only here until we get Acegi scheme > enforcement working --> > > When will Acegi scheme enforcement be implemented? I don't have plans to implement scheme enforcement with Acegi. I'm not sure if it will be easier to 1) fix Roller built-in scheme enforcement or 2) hook-up the Acegi scheme enforcement feature. > If I would make a fix for this before it is corrected. If you make a fix, then please share it with us ;-) > Is it a good idea to create a filter that matches patterns instead of > ulrs? For exaple: /roller-ui/** > > Is all backoffice pages located below /roller-ui/ ? > Or is there any pages that are located somwhere else? Yes, all the editor/admin pages are in roller-ui. Hope that helps... - Dave
